When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used.
References
| Link | Resource |
|---|---|
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | Vendor Advisory |
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
History
21 Nov 2024, 05:56
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 - Vendor Advisory |
18 Nov 2021, 19:14
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-345 | |
| References | (MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
| CPE | cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7003:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:* |
16 Nov 2021, 19:34
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-11-16 19:15
Updated : 2024-11-21 05:56
NVD link : CVE-2021-26315
Mitre link : CVE-2021-26315
CVE.ORG link : CVE-2021-26315
JSON object : View
Products Affected
amd
- epyc_7713
- epyc_7003_firmware
- epyc_73f3_firmware
- epyc_7443_firmware
- epyc_7543_firmware
- epyc_7313_firmware
- epyc_7663
- epyc_7343_firmware
- epyc_7543p_firmware
- epyc_73f3
- epyc_72f3_firmware
- epyc_7643
- epyc_7443
- epyc_7513_firmware
- epyc_7713_firmware
- epyc_7543p
- epyc_74f3_firmware
- epyc_7413_firmware
- epyc_7643_firmware
- epyc_7713p
- epyc_7763_firmware
- epyc_72f3
- epyc_7413
- epyc_75f3_firmware
- epyc_7313p
- epyc_7313p_firmware
- epyc_7713p_firmware
- epyc_74f3
- epyc_7443p
- epyc_7443p_firmware
- epyc_7513
- epyc_7763
- epyc_7343
- epyc_7453
- epyc_7003
- epyc_7663_firmware
- epyc_7543
- epyc_7453_firmware
- epyc_75f3
- epyc_7313
CWE
CWE-345
Insufficient Verification of Data Authenticity